Port Forwarding

Since we aren't running any services on the firewall, we can't run our own FTP or Hypertext Transfer Protocol (HTTP) server. At least, we can't unless we tell the firewall where it should send those inbound requests for HTTP traffic. Basically, we're going to do port forwarding, which is to say that the firewall will take all requests on a certain port and forward them to a machine hidden on the internal network. Once again, your network will appear as if it is only one machine.

This can lead to confusing responses for crackers. They'll do a scan on your firewall and determine that it is running Linux, but the WWW server on it seems to be Microsoft Internet Information Server. That isn't possible! Your Linux box is simply forwarding traffic from port 80 to some NT server on your network. Granted, any cracker worth his weight in lint will quickly figure out what's going on.

Actually Getting PORTFW Installed in the Kernel

Well, this is easier said than done! First, make sure you have "experimental drivers" enabled, as seen in Figure 3-2. Then go down to network and enable "Masquerading special modules support (NEW)." Then go down and enable "IP: ipportfw masq support (EXPERIMENTAL) (NEW)" (Figure 3-3).

Figure 3-2. Experimental drivers.

Figure 3-3. Port forward support.

Recompile. Install. Reboot.

For what it's worth, I tried to enable ipportfw without enabling experimental/incomplete drivers. All it did was waste two hours. But it did show me how fast my P75 router can reboot: 60 seconds. That's not too shabby.

Compiling ipmasqadm

I downloaded ipmasqadm from http://freshmeat.net/projects/ipmasqadm/altdownload/ipmasqadm-0.4.2.tar.gz, and the only change I had to make was to edit the Common.mk file and change KSRC so that it pointed at my Linux kernel source: /usr/src/linux. After that, it compiled okay.

Forwarding HTTP Traffic

Once the kernel and ipmasqadm were properly configured, all I did to forward the ports to my Web server was thus:

ipmasqadm portfw -a -P tcp -L 24.26.178.68 80 -R 192.168.2.102 80

As you'll note, my externally addressable IP was 24.26.178.68, and the internal Web server is at 192.168.2.102. Simple, eh?
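The same command form extends to a table of forwards. The script below is an added example, not code from the book or from ipmasqadm: it prints `ipmasqadm portfw -a` commands in the form shown above after checking each entry, and refuses a listener that is mapped twice. The function names and table format are hypothetical, and it assumes the internal network uses RFC 1918 addresses.

```shell
# Added example: print ipmasqadm portfw commands from a table after sanity checks.
# Function names and the table format are assumptions of this example.

valid_ipv4() {   # dotted quad, each octet 0-255
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for o in "$@"; do
        [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

valid_port() {   # 1-65535
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

is_rfc1918() {   # assumption: the internal network uses RFC 1918 space
    case "$1" in
        10.*|192.168.*) return 0 ;;
        172.*) o=${1#172.}; o=${o%%.*}; [ "$o" -ge 16 ] && [ "$o" -le 31 ] ;;
        *) return 1 ;;
    esac
}

# portfw_cmd PROTO EXT_IP EXT_PORT INT_IP INT_PORT: print the command, do not run it
portfw_cmd() {
    case "$1" in tcp|udp) ;; *) echo "bad protocol: $1" >&2; return 1 ;; esac
    valid_ipv4 "$2" && valid_ipv4 "$4" || { echo "bad address: $2 $4" >&2; return 1; }
    valid_port "$3" && valid_port "$5" || { echo "bad port: $3 $5" >&2; return 1; }
    is_rfc1918 "$4" || { echo "target $4 is not internal" >&2; return 1; }
    echo "ipmasqadm portfw -a -P $1 -L $2 $3 -R $4 $5"
}

# build_rules: read "proto ext_ip ext_port int_ip int_port" lines on stdin;
# a listener (proto/ext_ip/ext_port) may map to one target only
build_rules() {
    seen=" "; rc=0
    while read -r proto eip eport iip iport; do
        case "$proto" in ''|'#'*) continue ;; esac
        key="$proto/$eip/$eport"
        case "$seen" in *" $key "*) echo "duplicate listener: $key" >&2; rc=1; continue ;; esac
        if portfw_cmd "$proto" "$eip" "$eport" "$iip" "$iport"; then seen="$seen$key "; else rc=1; fi
    done
    return "$rc"
}
# Constructed sample table using the addresses from the text above
build_rules <<'EOF'
tcp 24.26.178.68 80 192.168.2.102 80
EOF
```

Review the printed commands before running them on the firewall; errors go to stderr and `build_rules` returns non-zero if any line was rejected.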

 



Multitool Linux: Practical Uses for Open Source Software
ISBN: 0201734206
EAN: 2147483647
Year: 2002
Pages: 257
